ca6500 122sx config guide
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883
Cisco IOS Software Configuration Guide
Release 12.2(33)SXH and Later Releases
Text Part Number: OL-13013-06
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Cisco IOS Software Configuration Guide, Release 12.2SX
© 2007–2012, Cisco Systems, Inc. All rights reserved.
Preface xli
Audience xli
CHAPTER 1 Product Overview 1-1
Supervisor Engine Memory Devices and Ports 1-1
Understanding Supervisor Engine 720-10GE Memory Devices and Ports 1-1
Understanding Supervisor Engine 720 Memory Devices and Ports 1-2
Understanding Supervisor Engine 32 Memory Devices and Ports 1-4
Understanding ME6500 Flash Memory Devices and Ports 1-5
User Interfaces 1-5
Module Status Monitoring 1-6
Software Features Supported in Hardware by the PFC and DFC 1-6
PART 1 Configuration Fundamentals
Accessing the CLI 2-2
Accessing the CLI through Telnet 2-2
Performing Command Line Processing 2-3
Performing History Substitution 2-4
Displaying a List of Cisco IOS Commands and Syntax 2-5
Securing the CLI 2-6
ROM-Monitor Command-Line Interface 2-7
Understanding Smart Port Macros 3-1
Understanding Cisco-Provided Smart Port Macros 3-1
Understanding User-Created Smart Port Macros 3-2
Smart Port Macro Default Configuration 3-2
Smart Port Macro Configuration Guidelines 3-3
Applying the Cisco-Provided Smart Port Macros 3-4
Configuring User-Created Smart Port Macros 3-13
Displaying Smart Port Macros 3-16
CHAPTER 4 Configuring Virtual Switching Systems 4-1
Understanding Virtual Switching Systems 4-1
VSS Overview 4-2
VSS Redundancy 4-11
Multichassis EtherChannels 4-14
Packet Handling 4-16
System Monitoring 4-20
Dual-Active Detection 4-22
VSS Initialization 4-24
VSL Restrictions and Guidelines 4-27
Multichassis EtherChannel Restrictions and Guidelines 4-28
Dual-Active Detection Restrictions and Guidelines 4-28
Service Module Restrictions and Guidelines 4-29
Configuring a VSS 4-29
Displaying VSS Information 4-36
Configuring VSS Parameters 4-38
Configuring Multichassis EtherChannels 4-44
Configuring Dual-Active Detection 4-45
Viewing Chassis Status and Module Information in a VSS 4-53
Upgrading a VSS 4-54
Performing an Enhanced Fast Software Upgrade of a VSS 4-55
PART 2 High Availability
eFSU Overview 5-1
Reserving Module Memory 5-3
eFSU Restrictions 5-4
Software Upgrade Process Summary For a Switch 5-5
Preparing for the Upgrade 5-6
Copying the New Software Image 5-8
Loading the New Software onto the Standby Supervisor Engine 5-8
Displaying the Maximum Outage Time for Installed Modules (Optional) 5-10
Forcing a Switchover from Active to Standby 5-10
Accepting the New Software Version and Stopping the Rollback Process (Optional) 5-11
Committing the New Software to the Standby 5-12
Verifying the Software Installation 5-12
Aborting the Upgrade Process 5-13
Performing an eFSU Upgrade on an Installed Modular Image 5-14
Upgrading an Installed Modular Image 5-14
Example an eFSU Upgrade on an Installed Modular Image 5-15
Upgrading a Non-eFSU Image to an eFSU Image 5-16
CHAPTER 6 Configuring NSF with SSO Supervisor Engine Redundancy 6-1
Understanding NSF with SSO Supervisor Engine Redundancy 6-1
NSF with SSO Supervisor Engine Redundancy Overview 6-2
SSO Operation 6-2
NSF Operation 6-3
Routing Protocols 6-4
Supervisor Engine Redundancy Guidelines and Restrictions 6-9
Redundancy Configuration Guidelines and Restrictions 6-9
Hardware Configuration Guidelines and Restrictions 6-10
Configuration Mode Restrictions 6-11
NSF Configuration Tasks 6-11
Configuring Multicast MLS NSF with SSO 6-13
Configuring CEF NSF 6-13
Verifying CEF NSF 6-14
Configuring BGP NSF 6-14
Verifying BGP NSF 6-14
Configuring OSPF NSF 6-15
Verifying OSPF NSF 6-16
Configuring IS-IS NSF 6-17
Verifying IS-IS NSF 6-17
Configuring EIGRP NSF 6-19
Verifying EIGRP NSF 6-19
Copying Files to the Redundant Supervisor Engine 6-20
CHAPTER 7 Configuring RPR Supervisor Engine Redundancy 7-1
Understanding RPR 7-1
RPR Operation 7-2
Supervisor Engine Redundancy Guidelines and Restrictions 7-3
Redundancy Guidelines and Restrictions 7-3
Hardware Configuration Guidelines and Restrictions 7-3
Configuration Mode Restrictions 7-4
Configuring Redundancy 7-4
Displaying the Redundancy States 7-5
Performing a Fast Software Upgrade 7-6
Copying Files to the RP 7-7
PART 3 Interface and Hardware Components
CHAPTER 8 Configuring Interfaces 8-1
Understanding Interface Configuration 8-2
Configuring a Range of Interfaces 8-4
Defining and Using Interface-Range Macros 8-6
Configuring Optional Interface Features 8-6
Configuring Jumbo Frame Support 8-10
Configuring IEEE 802.3x Flow Control 8-13
Configuring the Port Debounce Timer 8-15
Adding a Description for an Interface 8-16
Understanding Online Insertion and Removal 8-16
Monitoring and Maintaining Interfaces 8-17
Monitoring Interface Status 8-17
Resetting an Interface 8-18
Checking the Cable Status Using the TDR 8-19
CHAPTER 9 Configuring UDLD 9-1
Understanding UDLD 9-1
UDLD Overview 9-2
Disabling UDLD on Fiber-Optic LAN Ports 9-6
Configuring the Global UDLD Probe Message Interval 9-6
Configuring Fast UDLD 9-6
CHAPTER 10 Power Management and Environmental Monitoring 10-1
Understanding Power Management 10-1
Viewing System Power Status 10-4
Power Cycling Modules 10-5
Understanding Environmental Monitoring 10-10
CHAPTER 12 Configuring Online Diagnostics 12-1
Understanding Online Diagnostics 12-1
Configuring Online Diagnostics 12-2
Configuring On-Demand Online Diagnostics 12-3
Scheduling Online Diagnostics 12-4
Configuring Health-Monitoring Diagnostics 12-5
Starting and Stopping Online Diagnostic Tests 12-6
Running All Online Diagnostic Tests 12-7
Displaying Online Diagnostic Tests and Test Results 12-7
Performing Memory Tests 12-12
Understanding OBFL 13-1
Restrictions for OBFL 13-9
Enabling OBFL Message Logging: Example 13-10
OBFL Message Log: Example 13-10
OBFL Component Uptime Report: Example 13-10
OBFL Report for a Specific Time: Example 13-11
CHAPTER 14 Configuring and Monitoring the Switch Fabric Functionality 14-1
Understanding the Switch Fabric Functionality 14-1
Switch Fabric Functionality Overview 14-2
Forwarding Decisions for Layer 3-Switched Traffic 14-2
Switching Modes 14-2
Displaying the Switch Fabric Redundancy Status 14-4
Displaying Fabric Channel Switching Modes 14-4
Displaying Fabric Errors 14-6
Understanding Cisco IP Phone Support 15-1
Cisco IP Phone Connections 15-2
Cisco IP Phone Voice Traffic 15-2
Cisco IP Phone Data Traffic 15-3
Other Cisco IP Phone Features 15-3
Default Cisco IP Phone Support Configuration 15-4
Cisco IP Phone Support Configuration Guidelines and Restrictions 15-4
Configuring Cisco IP Phone Support 15-5
Configuring Voice Traffic Support 15-5
Configuring Data Traffic Support 15-6
CHAPTER 16 Configuring Power over Ethernet Support 16-1
Understanding PoE 16-1
Device Roles 16-2
PoE Overview 16-2
LLDP Inline Power Negotiation for PoE+ (IEEE 802.3at) 16-4
Configuring PoE Support 16-4
Displaying PoE Status 16-5
Configuring PoE Monitoring and Policing 16-8
Disabling LLDP Power Negotiation (IEEE 802.3at) 16-8
PART 2 LAN Switching
CHAPTER 17 Configuring LAN Ports for Layer 2 Switching 17-1
Understanding Layer 2 Switching 17-1
Understanding Layer 2 Ethernet Switching 17-1
Understanding VLAN Trunks 17-3
Default Layer 2 LAN Interface Configuration 17-5
Configuring LAN Interfaces for Layer 2 Switching 17-6
Configuring a LAN Port for Layer 2 Switching 17-7
Enabling Out-of-Band MAC Address Table Synchronization 17-8
Configuring MAC Address Table Notification 17-8
Configuring a Layer 2 Switching Port as a Trunk 17-10
Configuring a LAN Interface as a Layer 2 Access Port 17-16
Configuring an IEEE 802.1Q Custom EtherType Field Value 17-18
CHAPTER 18 Configuring Flex Links 18-1
Understanding Flex Links 18-1
Configuring Flex Links 18-3
Flex Links Configuration Guidelines and Restrictions 18-4
Configuring Flex Links 18-4
Monitoring Flex Links 18-5
Understanding EtherChannels 19-1
Understanding Load Balancing 19-5
Configuring EtherChannels 19-8
Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels 19-8
Configuring Channel Groups 19-9
Configuring EtherChannel Load Balancing 19-12
Configuring EtherChannel Hash-Distribution Algorithm 19-13
Configuring the EtherChannel Min-Links Feature 19-14
Configuring LACP 1:1 Redundancy 19-15
Configuring Auto Interleaved Port Priority For LACP Port Channels 19-16
Configuring LACP Port-Channel Standalone Disable 19-17
CHAPTER 20 Configuring mLACP for Server Access 20-1
Understanding mLACP for Server Access 20-1
Understanding mLACP Operation 20-2
Failure Protection Scenarios 20-6
Configuring mLACP for Server Access 20-10
Summary of mLACP PoA Configuration Values 20-11
Configuring mLACP Global Options 20-11
Configuring the Interchassis Communication Channel 20-12
Configuring Interchassis Redundancy Groups 20-13
Forcing a PoA Failover 20-18
Troubleshooting mLACP 20-18
CHAPTER 21 Configuring IEEE 802.1ak MVRP and MRP 21-1
Understanding IEEE 802.1ak MVRP and MRP 21-1
Overview 21-1
MVRP Interoperation with Non-Cisco Devices 21-5
MVRP Interoperability with Other Software Features and Protocols 21-5
IEEE 802.1ak MVRP and MRP Guidelines and Restrictions 21-7
Configuring IEEE 802.1ak MVRP and MRP 21-8
Enabling MVRP 21-8
Enabling MVRP Dynamic VLAN Creation 21-9
Changing the MVRP Registrar State 21-9
Troubleshooting the MVRP Configuration 21-10
Configuration Examples for IEEE 802.1ak MVRP and MRP 21-11
Enabling MVRP 21-11
Enabling Dynamic VLAN Creation 21-11
Changing the MVRP Registrar State 21-11
CHAPTER 22 Configuring VTP 22-1
Understanding VTP 22-1
Understanding VTP Modes 22-3
Understanding VTP Pruning 22-6
VLAN Interaction 22-8
Interaction Between VTP Version 3 and VTP Version 2 Devices 22-8
Interaction Between VTP Version 3 and VTP Version 1 Devices 22-8
VTP Default Configuration 22-8
Configuring VTP 22-10
Configuring VTP Mode on a Per-Port Basis 22-17
Displaying VTP Statistics 22-18
Understanding VLANs 23-1
VLAN Overview 23-2
VLAN Ranges 23-2
Configuring VLANs 23-3
VLAN Locking 23-4
Assigning a Layer 2 LAN Interface to a VLAN 23-6
Configuring the Internal VLAN Allocation Policy 23-7
Configuring VLAN Translation 23-7
Saving VLAN Information 23-11
Understanding Private VLANs 24-1
Private VLAN Domains 24-2
Private VLAN Ports 24-3
Private VLAN Port Isolation 24-4
IP Addressing Scheme with Private VLANs 24-4
Private VLAN Interaction with Other Features 24-5
Private VLAN Configuration Guidelines and Restrictions 24-6
Secondary and Primary VLAN Configuration 24-7
Private VLAN Port Configuration 24-9
Limitations with Other Features 24-9
Configuring Private VLANs 24-11
Configuring a VLAN as a Private VLAN 24-11
Associating Secondary VLANs with a Primary VLAN 24-12
Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN 24-13
Configuring a Layer 2 Interface as a Private VLAN Host Port 24-15
Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port 24-16
Monitoring Private VLANs 24-17
Understanding Private Hosts 25-1
Private Hosts Overview 25-2
Isolating Hosts in a VLAN 25-2
Restricting Traffic Flow (Using Private Hosts Port Mode and PACLs) 25-3
Port ACLs 25-5
General Restrictions 25-6
ACL Guidelines 25-6
Interaction with Other Features 25-7
Spoofing Protection 25-7
Multicast Operation 25-8
CHAPTER 26 Configuring IEEE 802.1Q Tunneling 26-1
Understanding 802.1Q Tunneling 26-1
Configuring 802.1Q Tunneling 26-6
CHAPTER 27 Configuring Layer 2 Protocol Tunneling 27-1
Understanding Layer 2 Protocol Tunneling 27-1
Configuring Support for Layer 2 Protocol Tunneling 27-2
CHAPTER 28 Configuring STP and MST 28-1
Understanding STP 28-2
STP Overview 28-2
Understanding Bridge Protocol Data Units 28-4
Election of the Root Bridge 28-4
STP Protocol Timers 28-5
STP Port States 28-6
Understanding IEEE 802.1w RSTP 28-13
Port Roles and the Active Topology 28-13
Rapid Convergence 28-14
Bridge Protocol Data Unit Format and Processing 28-16
Topology Changes 28-17
Hop Count 28-23
Boundary Ports 28-23
Configuring STP 28-26
Configuring the Root Bridge 28-30
Configuring a Secondary Root Bridge 28-31
Configuring STP Port Priority 28-32
Configuring STP Port Cost 28-33
Configuring the Hello Time 28-36
Configuring the Forward-Delay Time for a VLAN 28-36
Configuring the Maximum Aging Time for a VLAN 28-37
Enabling Rapid-PVST 28-37
Configuring MST 28-38
Specifying the MST Region Configuration and Enabling MST 28-40
Configuring the Root Bridge 28-41
Configuring a Secondary Root Bridge 28-43
Configuring Port Priority 28-43
Configuring Path Cost 28-44
Configuring the Transmit Hold Count 28-47
Configuring the Maximum-Aging Time 28-48
Configuring the Maximum-Hop Count 28-48
Specifying the Link Type to Ensure Rapid Transitions 28-48
Designating the Neighbor Type 28-49
Restarting the Protocol Migration Process 28-50
Displaying the MST Configuration and Status 28-50
CHAPTER 29 Configuring Optional STP Features 29-1
Understanding the Optional STP Features 29-1
Understanding STP Port Types 29-2
Understanding PortFast 29-2
Understanding UplinkFast 29-6
Understanding BackboneFast 29-7
Enabling PortFast 29-12
Enabling BPDU Guard 29-16
Examples in Release 12.2(33)SXI and Later Releases 29-23
Examples in Releases Earlier Than Release 12.2(33)SXI 29-26
PART 3 IP Routing Protocols
CHAPTER 30 Configuring Layer 3 Interfaces 30-1
Layer 3 Interface Configuration Guidelines and Restrictions 30-2
Configuring Subinterfaces on Layer 3 Interfaces 30-2
Configuring IPv4 Routing and Addresses 30-4
Configuring IPX Routing and Network Numbers 30-7
Configuring AppleTalk Routing, Cable Ranges, and Zones 30-8
Configuring Other Protocols on Layer 3 Interfaces 30-9
CHAPTER 31 Configuring UDE and UDLR 31-1
Understanding UDE and UDLR 31-1
UDE and UDLR Overview 31-2
Supported Hardware 31-2
Understanding UDE 31-2
Understanding UDLR 31-3
Configuring UDE 31-4
Configuring UDLR 31-6
CHAPTER 32 Configuring Multiprotocol Label Switching 32-1
MPLS 32-2
Supported MPLS Commands 32-7
MPLS Configuration Examples 32-8
Match on ATM CLP Bit 32-10
Set on ATM CLP Bit 32-12
VPN Switching 32-13
MPLS VPN Supported Commands 32-14
Configuring MPLS VPN 32-15
AToM Load Balancing 32-17
Configuring EoMPLS 32-19
CHAPTER 33 Configuring A-VPLS 33-1
Understanding A-VPLS 33-1
Enabling Port-Channel Load-Balancing 33-4
Explicitly Specifying the PE Routers As Part of Virtual Ethernet Interface Configuration 33-4
Configuring an MPLS Traffic Engineering Tunnel 33-5
Configuring a GRE Tunnel 33-6
Routed Pseudo-Wire (RPW) and Routed VPLS 33-8
PART 5 IP Switching
Understanding Layer 3 Switching 34-2
Understanding Hardware Layer 3 Switching 34-2
Understanding Layer 3-Switched Packet Rewrite 34-2
Default Hardware Layer 3 Switching Configuration 34-4
Configuration Guidelines and Restrictions 34-4
Configuring Hardware Layer 3 Switching 34-5
Displaying Hardware Layer 3 Switching Statistics 34-6
PART 6 IPv6
CHAPTER 35 Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 35-1
Features that Support IPv6 Multicast 35-2
IPv6 Multicast Guidelines and Restrictions 35-2
New or Changed IPv6 Multicast Commands 35-3
Configuring IPv6 Multicast Layer 3 Switching 35-3
Using show Commands to Verify IPv6 Multicast Layer 3 Switching 35-3
Verifying MFIB Clients 35-4
Verifying the (S,G) Forwarding Capability 35-5
Verifying the (*,G) Forwarding Capability 35-5
Verifying the Subnet Entry Support Status 35-5
Verifying the Current Replication Mode 35-5
Displaying the Replication Mode Auto-Detection Status 35-5
Displaying the Replication Mode Capabilities 35-6
Displaying Subnet Entries 35-6
Displaying the NetFlow Hardware Forwarding Count 35-7
Displaying the FIB Hardware Bridging and Drop Counts 35-7
Displaying the Shared and Well-Known Hardware Adjacency Counters 35-7
CHAPTER 36 Configuring MLD Snooping for IPv6 Multicast Traffic 36-1
Understanding MLD Snooping 36-2
MLD Snooping Overview 36-2
Leaving a Multicast Group 36-6
Understanding the MLD Snooping Querier 36-7
Default MLD Snooping Configuration 36-8
MLD Snooping Configuration Guidelines and Restrictions 36-8
MLD Snooping Querier Configuration Guidelines and Restrictions 36-9
Enabling the MLD Snooping Querier 36-9
Configuring MLD Snooping 36-10
Enabling MLD Snooping 36-10
Configuring a Multicast Router Port Statically 36-11
Configuring the MLD Snooping Query Interval 36-12
Enabling Fast-Leave Processing 36-12
Configuring Report Suppression 36-14
PART 7 IP Multicast
Understanding IPv4 Multicast Layer 3 Switching 37-1
IPv4 Multicast Layer 3 Switching Overview 37-2
Multicast Layer 3 Switching Cache 37-2
Layer 3-Switched Multicast Packet Rewrite 37-3
Partially and Completely Switched Flows 37-4
Non-RPF Traffic Processing 37-5
Default IPv4 Multicast Layer 3 Switching Configuration 37-9
IPv4 Multicast Layer 3 Switching Configuration Guidelines and Restrictions 37-10
Restrictions 37-10
Source-Specific Multicast with IGMPv3, IGMP v3lite, and URD 37-11
Enabling IPv4 Multicast Routing Globally 37-11
Enabling IPv4 PIM on Layer 3 Interfaces 37-12
Enabling IP Multicast Layer 3 Switching Globally 37-12
Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces 37-13
Configuring the Replication Mode 37-13
Enabling Local Egress Replication 37-15
Configuring the Layer 3 Switching Global Threshold 37-16
Enabling Installation of Directly Connected Subnets 37-17
Specifying the Flow Statistics Message Interval 37-17
Enabling Shortcut-Consistency Checking 37-17
Displaying RPF Failure Rate-Limiting Information 37-18
Configuring Multicast Boundary 37-19
Displaying the IPv4 Multicast Routing Table 37-22
Displaying IPv4 Multicast Layer 3 Switching Statistics 37-23
Configuring IPv4 Bidirectional PIM 37-24
Enabling IPv4 Bidirectional PIM Globally 37-24
Configuring the Rendezvous Point for IPv4 Bidirectional PIM Groups 37-25
Setting the IPv4 Bidirectional PIM Scan Interval 37-25
Displaying IPv4 Bidirectional PIM Information 37-26
Using IPv4 Debug Commands 37-28
Clearing IPv4 Multicast Layer 3 Switching Statistics 37-28
Redundancy for Multicast Traffic 37-29
CHAPTER 38 Configuring IGMP Snooping for IPv4 Multicast Traffic 38-1
Understanding IGMP Snooping 38-2
IGMP Snooping Overview 38-2
Understanding the IGMP Snooping Querier 38-5
Understanding IGMP Version 3 Support 38-5
Default IGMP Snooping Configuration 38-7
IGMP Snooping Configuration Guidelines and Restrictions 38-8
IGMP Snooping Querier Configuration Guidelines and Restrictions 38-8
Configuring IGMP Snooping 38-9
Enabling IGMP Snooping 38-9
Enabling IGMP Fast-Leave Processing 38-13
Configuring Source-Specific Multicast Mapping 38-14
CGMP Automatic Detection 38-14
CHAPTER 39 Configuring MVR for IPv4 Multicast Traffic 39-1
Understanding MVR 39-1
Configuring MVR 39-4
Configuring MVR Global Parameters 39-5
Configuring MVR Interfaces 39-6
Displaying MVR Information 39-8
Clearing MVR Counters 39-9
CHAPTER 40 Configuring IPv4 IGMP Filtering and Router Guard 40-1
Understanding IGMP Filtering 40-1
IGMP Filtering Overview 40-2
Understanding Router Guard 40-7
Router Guard Overview 40-8
Configuring Router Guard 40-8
CHAPTER 41 Configuring PIM Snooping 41-1
Understanding PIM Snooping 41-1
PIM Snooping Configuration Guidelines and Restrictions 41-4
Configuring PIM Snooping 41-5
Enabling PIM Snooping in a VLAN 41-5
Disabling PIM Snooping Designated-Router Flooding 41-6
Understanding MVPN 42-1
MVPN Overview 42-2
Multicast Distribution Trees 42-2
Multicast Tunnel Interfaces 42-5
Multicast Distributed Switching Support 42-6
Hardware-Assisted IPv4 Multicast 42-6
Configuring MVPN 42-8
Configuring a Multicast VPN Routing and Forwarding Instance 42-9
Configuring Multicast VRF Routing 42-15
Configuring Interfaces for Multicast Routing to Support MVPN 42-19
Sample Configurations for MVPN 42-21
MVPN Configuration with Default MDTs Only 42-21
MVPN Configuration with Default and Data MDTs 42-23
PART 8 Quality of Service
CHAPTER 43 Configuring PFC QoS 43-1
Understanding PFC QoS 43-2
Overview 43-2
Policers 43-17
Default Values with PFC QoS Enabled 43-28
Default Values with PFC QoS Disabled 43-52
PFC QoS Configuration Guidelines and Restrictions 43-52
General Guidelines 43-53
Policy Map Class Command Restrictions 43-56
Supported Granularity for CIR and PIR Rate Values 43-56
Supported Granularity for CIR and PIR Token Bucket Sizes 43-57
IP Precedence and DSCP Values 43-58
Configuring PFC QoS 43-58
Configuring DSCP Transparency 43-61
Enabling Queueing-Only Mode 43-61
Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports 43-63
Enabling Egress ACL Support for Remarked DSCP 43-63
Creating Named Aggregate Policers 43-64
Configuring a PFC QoS Policy 43-67
Configuring Egress DSCP Mutation 43-85
Configuring Ingress CoS Mutation on IEEE 802.1Q Tunnel Ports 43-86
Configuring DSCP Value Maps 43-89
Configuring the Trust State of Ethernet LAN Ports 43-92
Configuring Trusted Boundary with Cisco Device Verification 43-94
Configuring the Ingress LAN Port CoS Value 43-94
Configuring Standard-Queue Drop Threshold Percentages 43-95
Mapping QoS Labels to Queues and Drop Thresholds 43-100
Allocating Bandwidth Between Standard Transmit Queues 43-110
Setting the Receive-Queue Size Ratio 43-112
Configuring the Transmit-Queue Size Ratio 43-113
Common QoS Scenarios 43-114
Sample Network Design Overview 43-114
Classifying Traffic from PCs and IP Phones in the Access Layer 43-115
Accepting the Traffic Priority Value on Interswitch Links 43-118
Prioritizing Traffic on Interswitch Links 43-119
Using Policers to Limit the Amount of Traffic from a PC 43-122
PFC QoS Glossary 43-123
Understanding AutoQoS 44-1
AutoQoS Support for Cisco IP Communicator 44-2
AutoQoS Support for Marked Traffic 44-2
Using AutoQoS 44-3
Configuring AutoQoS 44-4
Terminology 45-2
MPLS QoS Overview 45-4
MPLS QoS 45-5
LERs at the Input Edge of an MPLS Network 45-6
LSRs in the Core of an MPLS Network 45-6
LERs at the Output Edge of an MPLS Network 45-7
Understanding MPLS QoS 45-7
LERs at the IP Edge (MPLS, MPLS VPN) 45-9
LSRs at the MPLS Core 45-13
MPLS QoS Default Configuration 45-15
MPLS QoS Commands 45-16
Configuring MPLS QoS 45-17
Enabling QoS Globally 45-18
Enabling Queueing-Only Mode 45-19
Configuring the MPLS Packet Trust State on Ingress Ports 45-22
Configuring a Policy Map 45-22
Displaying a Policy Map 45-27
Configuring MPLS QoS Egress EXP Mutation 45-28
Configuring EXP Value Maps 45-29
MPLS DiffServ Tunneling Modes 45-30
Short Pipe Mode 45-31
Configuring Short Pipe Mode 45-34
Ingress PE Router—Customer Facing Interface 45-35
Configuring the P Router—Output Interface 45-37
Configuring the Egress PE Router—Customer Facing Interface 45-38
Configuring Uniform Mode 45-39
Understanding PFC QoS Statistics Data Export 46-1
PFC QoS Statistics Data Export Default Configuration 46-2
Configuring PFC QoS Statistics Data Export 46-2
PART 9 Security
Configuring TCP Intercept 47-2
Configuring Unicast RPF Check 47-4
CHAPTER 48 Using AutoSecure 48-1
Understanding AutoSecure 48-1
Configuring AutoSecure 48-6
Configuring Additional Security 48-8
ACL Support in Hardware and Software 49-1
Cisco IOS ACL Configuration Guidelines and Restrictions 49-3
Configuring PBACL 49-4
Optimized ACL Logging 49-8
Configuring OAL 49-8
Guidelines and Restrictions for Using Layer 4 Operators in ACLs 49-10
Determining Layer 4 Operation Usage 49-10
Determining Logical Operation Unit Usage 49-11
CHAPTER 50 Configuring Cisco TrustSec 50-1
Hardware Supported 50-3
Understanding ACLs 51-2
Understanding ACLs 51-2
Understanding VACLs 51-2
Configuring PACLs 51-8
PACL Configuration Guidelines 51-8
Configuring IP and MAC ACLs on a Layer 2 Interface 51-9
Configuring Access-group Mode on Layer 2 Interface 51-9
Applying ACLs to a Layer 2 Interface 51-10
Applying ACLs to a Port Channel 51-10
Displaying an ACL Configuration on a Layer 2 Interface 51-10
Configuring VACLs 51-11
Defining a VLAN Access Map 51-13
Configuring a Match Clause in a VLAN Access Map Sequence 51-13
Configuring an Action Clause in a VLAN Access Map Sequence 51-14
Applying a VLAN Access Map 51-15
Verifying VLAN Access Map Configuration 51-15
VLAN Access Map Configuration and Verification Examples 51-16
Configuring a Capture Port 51-16
Configuring MAC PBF 51-18
Understanding DoS Protection 52-2
DoS Protection Configuration Guidelines and Restrictions 52-13
Monitoring Packet Drop Statistics 52-14
Displaying Rate-Limiter Information 52-16
Configuring Sticky ARP 52-18
Understanding Control Plane Policing 53-1
CoPP Default Configuration 53-2
Configuring CoPP 53-3
Monitoring CoPP 53-4
CHAPTER 54 Configuring DHCP Snooping 54-1
Understanding DHCP Snooping 54-1
Packet Validation 54-3
Overview of the DHCP Snooping Database Agent 54-5
DHCP Snooping Host Tracking 54-6
Default Configuration for DHCP Snooping 54-7
DHCP Snooping Configuration Restrictions and Guidelines 54-7
DHCP Snooping Configuration Restrictions 54-7
DHCP Snooping Configuration Guidelines 54-8
Minimum DHCP Snooping Configuration 54-8
Configuring DHCP Snooping 54-9
Enabling DHCP Option-82 Data Insertion 54-10
Enabling DHCP Snooping Host Tracking 54-11
Enabling DHCP Snooping MAC Address Verification 54-12
Enabling DHCP Snooping on VLANs 54-13
Configuring the DHCP Trust State on Layer 2 LAN Interfaces 54-14
Configuring Spurious DHCP Server Detection 54-14
Configuring DHCP Snooping Rate Limiting on Layer 2 LAN Interfaces 54-15
Configuring the DHCP Snooping Database Agent 54-16
Configuration Examples for the Database Agent 54-16
Displaying a Binding Table 54-19
CHAPTER 55 Configuring IP Source Guard 55-1
Overview of IP Source Guard 55-1
IP Source Guard Interaction with VLAN-Based Features 55-2
Channel Ports 55-2
Trunk Ports 55-2
IP Source Guard and Voice VLAN 55-2
IP Source Guard and Web-Based Authentication 55-2
IP Source Guard Restrictions 55-3
Configuring IP Source Guard on the Switch 55-3
Displaying IP Source Guard Information 55-4
Displaying IP Source Binding Information 55-6
CHAPTER 56 Configuring Dynamic ARP Inspection 56-1
Understanding DAI 56-1
Understanding ARP 56-2
Understanding DAI and ARP Spoofing Attacks 56-2
Interface Trust States and Network Security 56-3
Rate Limiting of ARP Packets 56-4
Relative Priority of ARP ACLs and DHCP Snooping Entries 56-4
Logging of Dropped Packets 56-5
Default DAI Configuration 56-5
Configuring DAI 56-6
Configuring the DAI Interface Trust State 56-8
Applying ARP ACLs for DAI Filtering 56-8
Enabling DAI Error-Disabled Recovery 56-10
Enabling Additional Validation 56-11
Configuring DAI Logging 56-12
Displaying DAI Information 56-14
DAI Configuration Samples 56-15
Understanding Traffic Storm Control 57-1
Default Traffic Storm Control Configuration 57-3
Configuration Guidelines and Restrictions 57-3
Configuring Traffic Storm Control 57-4
Enabling Traffic Storm Control 57-4
Configuring the Traffic Storm Control Shutdown Mode 57-6
Configuring Traffic Storm Control SNMP Traps 57-6
Displaying Traffic Storm Control Settings 57-7
CHAPTER 58 Configuring Unknown Unicast and Multicast Flood Control 58-1
Understanding Unknown Traffic Flood Control 58-2
Configuring UUFB or UMFB 58-2
Configuring UUFRL 58-3
Understanding NAC 59-1
NAC Overview 59-2
Configuring NAC IP Validation 59-14
Configuring EAPoUDP 59-18
Configuring NAC High Availability 59-19
Monitoring and Maintaining NAC 59-23
Clearing Table Entries 59-23
Displaying NAC Information 59-23
Understanding 802.1X Port-Based Authentication 60-1
Understanding 802.1X Device Roles 60-2
Understanding the Port-based Authentication Process 60-3
Authentication Initiation and Message Exchange 60-6
Ports in Authorized and Unauthorized States 60-8
802.1X Host Modes 60-9
Understanding 802.1X Accounting 60-12
Understanding Multiple VLANs and VLAN User Distribution with VLAN Assignment 60-15
Understanding 802.1X Authentication with Guest VLAN 60-15
Understanding 802.1X Authentication with Restricted VLAN 60-16
Understanding 802.1X Authentication with Inaccessible Authentication Bypass 60-17
Understanding 802.1X Authentication with Voice VLAN Ports 60-18
Understanding 802.1X Authentication Critical Voice VLAN Support 60-19
Understanding 802.1X Authentication with Port Security 60-19
Understanding 802.1X Authentication with ACL Assignments and Redirect URLs 60-20
Understanding 802.1X Authentication with Port Descriptors 60-22
Understanding 802.1X Authentication with MAC Authentication Bypass 60-23
Understanding Network Admission Control Layer 2 IEEE 802.1X Validation 60-24
Understanding RADIUS Change of Authorization 60-25
Understanding 802.1X Authentication with Wake-on-LAN 60-25
Understanding MAC Move 60-26
Understanding MAC Replace 60-27
(NEAT) 60-27
802.1X Authentication 60-29
MAC Authentication Bypass 60-32
Enabling 802.1X Authentication 60-35
Configuring Switch-to-RADIUS-Server Communication 60-37
Enabling Fallback Authentication 60-40
Enabling Periodic Reauthentication 60-42
Initializing Authentication for the Client Connected to a Port 60-44
Removing 802.1X Client Information 60-44
Clearing Authentication Sessions 60-45
Changing 802.1X Timeouts 60-45
Setting the Reauthentication Number 60-47
Configuring IEEE 802.1X Accounting 60-48
Configuring VLAN User Distribution 60-49
Configuring a Guest VLAN 60-49
Configuring a Restricted VLAN 60-51
Configuring the Inaccessible Authentication Bypass Feature 60-53
Enabling Critical Voice VLAN Support 60-56
Configuring MAC Authentication Bypass 60-57
Configuring NAC Layer 2 IEEE 802.1X Validation 60-58
Configuring NAC Agentless Audit Support 60-59
Configuring the Switch for DACLs or Redirect URLs 60-60
Configuring a Port to Ignore CoA Commands 60-62
Configuring 802.1X Authentication with WoL 60-62
Disabling 802.1X Authentication on the Port 60-63
Resetting the 802.1X Configuration to the Default Values 60-63
Configuring an Authenticator and a Supplicant Switch with NEAT 60-64
Displaying Authentication Status and Information 60-65
Displaying 802.1X Status 60-66
Enabling MAC Move 60-71
Enabling MAC Replace 60-71
Understanding Web-Based Authentication 61-1
Web-based Authentication Interactions with Other Features 61-5
Configuring Web-Based Authentication 61-6
Web-based Authentication Configuration Guidelines and Restrictions 61-7
Web-based Authentication Configuration Task List 61-8
Configuring the Authentication Rule and Interfaces 61-8
Configuring AAA Authentication 61-9
Configuring Switch-to-RADIUS-Server Communication 61-9
Configuring an AAA Fail Policy 61-13
Configuring the Web-based Authentication Parameters 61-14
Removing Web-based Authentication Cache Entries 61-15
Displaying Web-Based Authentication Status 61-15
CHAPTER 62 Configuring Port Security 62-1
Understanding Port Security 62-1
Port Security with Dynamically Learned and Static MAC Addresses 62-2
Port Security with Sticky MAC Addresses 62-2
Port Security with IP Phones 62-3
Default Port Security Configuration 62-3
Port Security Guidelines and Restrictions 62-3
Configuring Port Security 62-5
Enabling Port Security 62-5
Configuring the Port Security Violation Mode on a Port 62-6
Configuring the Port Security Rate Limiter 62-7
Configuring the Maximum Number of Secure MAC Addresses on a Port 62-9
Enabling Port Security with Sticky MAC Addresses on a Port 62-9
Configuring a Static Secure MAC Address on a Port 62-10
Configuring Secure MAC Address Aging on a Port 62-11
Displaying Port Security Settings 62-12
PART 10 NetFlow
Understanding NetFlow 63-1
NetFlow Overview 63-2
NetFlow Features 63-3
Configuring NetFlow Features 63-13
Understanding NDE 64-2
NDE Overview 64-2
Default NDE Configuration 64-10
Configuring NDE 64-10
Enabling NDE for Ingress-Bridged IP Traffic 64-14
Displaying the NDE Address and Port Configuration 64-15
Configuring NDE Flow Filters 64-16
Displaying the NDE Configuration 64-17
PART 11 Network Management
Understanding Call Home 65-2
Default Settings 65-3
Configuring Destination Profiles 65-5
Enabling Call Home 65-16
Configuring and Enabling Smart Call Home 65-19
Configuring the Smart Call Home Service 65-20
Enabling the Smart Call Home Service 65-20
Declare and Authenticate a CA Trustpoint 65-21
Start Smart Call Home Registration 65-22
Displaying Call Home Configuration Information 65-23
Alert Group Trigger Events and Commands 65-26
Message Contents 65-33
Understanding the System Event Archive 66-1
Displaying the SEA Logging System 66-2
Copying the SEA To Another Device 66-3
CHAPTER 67 Backplane Traffic Monitoring 67-1
Understanding Traffic Monitoring 67-1
CHAPTER 68 Configuring Local SPAN, RSPAN, and ERSPAN 68-1
Understanding Local SPAN, RSPAN, and ERSPAN 68-1
Local SPAN, RSPAN, and ERSPAN Overview 68-2
Local SPAN, RSPAN, and ERSPAN Sources 68-5
Local SPAN, RSPAN, and ERSPAN Destinations 68-7
Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions 68-7
General Guidelines and Restrictions 68-8
Feature Incompatibilities 68-8
Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions 68-10
Distributed Egress SPAN Mode Guidelines and Restrictions 68-14
Configuring Local SPAN, RSPAN, and ERSPAN 68-15
Local SPAN, RSPAN, and ERSPAN Default Configuration 68-15
Configuring a Destination as an Unconditional Trunk (Optional) 68-16
Configuring Destination Trunk VLAN Filtering (Optional) 68-16
Configuring Destination Port Permit Lists (Optional) 68-18
Configuring the Egress SPAN Mode (Optional) 68-18
Configuring Local SPAN 68-19
Verifying the Configuration 68-35
Understanding SNMP IfIndex Persistence 69-1
Configuring SNMP IfIndex Persistence 69-2
Enabling SNMP IfIndex Persistence Globally 69-2
Disabling SNMP IfIndex Persistence Globally 69-2
Enabling and Disabling SNMP IfIndex Persistence on Specific Interfaces 69-3
Clearing SNMP IfIndex Persistence Configuration from a Specific Interface 69-3
CHAPTER 70 Using Top-N Reports 70-1
Understanding Top-N Reports 70-1
Top-N Reports Overview 70-1
Using Top-N Reports 70-2
Displaying Top-N Reports 70-3
Clearing Top-N Reports 70-4
Understanding the Layer 2 Traceroute Utility 71-1
Usage Guidelines 71-2
Configuring the Mini Protocol Analyzer 72-2
Filtering the Packets to be Captured 72-4
Starting and Stopping a Capture 72-5
Displaying and Exporting the Capture Buffer 72-7
Mini Protocol Analyzer Configuration, Operation, and Display Examples 72-8
General Configuration Examples 72-8
Filtering Configuration Examples 72-9
APPENDIX A Configuring Ethernet Services Plus Line Cards A-1
Release 12.2SX ES+ Line Card Support and Restrictions A-2
Line Card Configuration A-2
Resetting an ES+ Line Card A-3
Configuring QoS A-3
Supported Interfaces A-4
QoS Functions A-4
Configuring Classification A-6
Configuring Policing A-9
Configuring Marking A-16
Configuring Shaping A-19
Configuring Hierarchical QoS A-29
MPLS Traffic Engineering Overview A-33
MPLS Traffic Engineering Class-Based Tunnel Selection Restrictions and Usage Guidelines A-33
Creating Multiple MPLS Member TE or DS-TE Tunnels with the Same Headend and the Same Tailend A-34
Creating a Master Tunnel, Attaching Member Tunnels, and Making the Master Tunnel Visible A-35
Verifying the MPLS Configuration A-38
Configuring IPoDWDM A-41
FPD Quick Upgrade A-50
Upgrading FPD Images A-51
Optional FPD Procedures A-54
Troubleshooting A-57
Using the Cisco IOS Event Tracer to Troubleshoot Problems A-58
Troubleshooting XFP Issues A-58
Preparing for Online Insertion and Removal of ES+ Line Cards A-59
APPENDIX B Online Diagnostic Tests B-1
Global Health-Monitoring Tests B-2
TestBadBpduTrap B-14
TestBadBpdu B-17
TestCapture B-17
TestConditionalLearn B-18
TestDontLearn B-18
TestIndexLearn B-19
TestNewLearn B-19
TestPortSecurity B-20
TestProtocolMatchChannel B-20
TestStaticEntry B-21
TestTrap B-21
TestAclDeny B-22
TestAclPermit B-22
TestFibDevices B-23
TestIPv4FibShortcut B-23
TestIPv6FibShortcut B-24
TestL3Capture2 B-24
TestMPLSFibShortcut B-25
TestNATFibShortcut B-25
TestNetflowShortcut B-26
TestQoSTcam B-26
TestAclDeny B-27
TestAclFpgaMonitor B-27
TestAclPermit B-28
TestFibDevices B-28
TestIPv4FibShortcut B-29
TestIPv6FibShortcut B-29
TestL3Capture2 B-30
TestMPLSFibShortcut B-30
TestNATFibShortcut B-31
TestNetflowShortcut B-31
TestQoSTcam B-32
INDEX
Preface
This preface describes who should read the Cisco IOS Software Configuration Guide, Release 12.2SX,
and its document conventions.
Audience
This guide is for experienced network administrators who are responsible for configuring and
maintaining the switches supported in Cisco IOS Release 12.2SX.
Related Documentation
The following publications are available for Cisco IOS Release 12.2SX:
• Catalyst 6500 Series Switch Installation Guide
• Catalyst 6500 Series Switch Module Installation Guide
• Cisco IOS Master Command List
• Catalyst 6500 Series Switch Cisco IOS System Message Guide, Release 12.2SX
• Release Notes for Cisco IOS Release 12.2SX
• Cisco IOS Configuration Guides and Command References:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Convention            Description
boldface font         Commands, command options, and keywords are in boldface.
italic font           Arguments for which you supply values are in italics.
[ ]                   Elements in square brackets are optional.
{ x | y | z }         Alternative keywords are grouped in braces and separated by vertical bars.
[ x | y | z ]         Optional alternative keywords are grouped in brackets and separated by vertical bars.
string                A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
screen font           Terminal sessions and information the system displays are in screen font.
boldface screen font  Information you must enter is in boldface screen font.
italic screen font    Arguments for which you supply values are in italic screen font.
This pointer highlights an important line of text in an example.
^                     The symbol represents the key labeled Control—for example, the key combination ^D in a screen display means hold down the Control key while you press the D key.
< >                   Nonprinting characters, such as passwords, are in angle brackets.
Notes use the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
publication.
Cautions use the following conventions:
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback,
security guidelines, and also recommended aliases and general Cisco documents, see the monthly
What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical
documentation, at:
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples
and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
• Supervisor Engine Memory Devices and Ports, page 1-1
• User Interfaces, page 1-5
• Module Status Monitoring, page 1-6
• Software Features Supported in Hardware by the PFC and DFC, page 1-6
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples
and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Supervisor Engine Memory Devices and Ports
For complete information about the chassis, modules, and software features supported by
Cisco IOS Release 12.2SX, see the Release Notes for Cisco IOS Release 12.2SX:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/ol_14271.html
These sections describe the ports and flash memory devices on the supervisor engines:
• Understanding Supervisor Engine 720-10GE Memory Devices and Ports, page 1-1
• Understanding Supervisor Engine 720 Memory Devices and Ports, page 1-2
• Understanding Supervisor Engine 32 Memory Devices and Ports, page 1-4
• Understanding ME6500 Flash Memory Devices and Ports, page 1-5
Understanding Supervisor Engine 720-10GE Memory Devices and Ports
These sections describe the Supervisor Engine 720-10GE memory devices and ports:
• Supervisor Engine 720-10GE Flash Memory Devices, page 1-2
• Supervisor Engine 720-10GE Ports, page 1-2
The Supervisor Engine 720-10GE has these flash memory devices:
• disk0: (active) and slavedisk0: (standby):
– External CompactFlash Type II slots
– For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
• sup-bootdisk: (active) and slavesup-bootdisk: (standby):
– From SP ROMMON, it is bootdisk:
– Not accessible from route processor (RP) ROMMON
• bootflash: (active) and slave-bootflash: (standby):
Supervisor Engine 720-10GE Ports
• Console port—EIA/TIA-232 (RS-232) port
• Ports 1 and 2
– Fast Ethernet SFP
• Ports 4 and 5—10-Gigabit Ethernet X2
Note The 1-Gigabit Ethernet ports and the 10-Gigabit Ethernet ports have the same QoS port architecture
(2q4t/1p3q4t) unless you disable the 1-Gigabit Ethernet ports with the mls qos 10g-only global
configuration command. With the 1-Gigabit Ethernet ports disabled, the QoS port architecture of the
10-Gigabit Ethernet ports is 8q4t/1p7q4t.
See the “Configuring Optional Interface Features” section on page 8-6 for information about configuring
the ports.
Understanding Supervisor Engine 720 Memory Devices and Ports
These sections describe the Supervisor Engine 720 memory devices and ports:
• Supervisor Engine 720 Flash Memory Devices, page 1-3
• Configuring Supervisor Engine 720 Ports, page 1-3
The Supervisor Engine 720 has these flash memory devices:
• disk0: and disk1: (active) and slavedisk0: and slavedisk1: (standby):
– External CompactFlash Type II slots
– For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
• sup-bootflash: (active) and slavesup-bootflash: (standby):
– From SP ROMMON, it is bootflash:
– Not accessible from route processor (RP) ROMMON
• With WS-CF-UPG=, sup-bootdisk: (active) and slavesup-bootflash: (standby):
– SP 512-MB internal CompactFlash flash memory
– From SP ROMMON, it is bootdisk:
– Not accessible from RP ROMMON
– See this publication for more information:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_17277.html
The Supervisor Engine 720 has these ports:
• Port 1—Small form-factor pluggable (SFP); no unique configuration options.
• Port 2— RJ-45 connector and an SFP connector (default). To use the RJ-45 connector, you must
change the configuration.
To configure port 2 on a Supervisor Engine 720 to use either the RJ-45 connector or the SFP
connector, perform this task:
Step 1  Router(config)# interface gigabitethernet slot/2   Selects the Ethernet port to be configured.
Step 2  Router(config-if)# media-type {rj45 | sfp}         Selects the connector to use.
This example shows how to configure port 2 on a Supervisor Engine 720 in slot 5 to use the RJ-45
connector:
Router(config)# interface gigabitethernet 5/2
Router(config-if)# media-type rj45
See the “Configuring Optional Interface Features” section on page 8-6 for more information about
configuring the ports.
Understanding Supervisor Engine 32 Memory Devices and Ports
These sections describe the Supervisor Engine 32 memory devices and ports:
• Supervisor Engine 32 Flash Memory Devices, page 1-4
• Supervisor Engine 32 Ports, page 1-4
Note Supervisor Engine 32 does not support switch fabric connectivity.
Supervisor Engine 32 Flash Memory Devices
The Supervisor Engine 32 has these flash memory devices:
• disk0: (active) and slavedisk0: (standby):
– External CompactFlash Type II slots
– For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
• sup-bootdisk: (active) and slavesup-bootflash: (standby):
– From SP ROMMON, it is bootdisk:
– Not accessible from route processor (RP) ROMMON
• bootflash: (active) and slave-bootflash: (standby):
Supervisor Engine 32 Ports
• Console port—EIA/TIA-232 (RS-232) port
• Two Universal Serial Bus (USB) 2.0 ports—Not currently enabled
• WS-SUP32-GE-3B:
– Port 9—10/100/1000 Mbps RJ-45
• WS-SUP32-10GE:
– Port 3—10/100/1000 Mbps RJ-45
See the “Configuring Optional Interface Features” section on page 8-6 for information about configuring
the ports.
Understanding ME6500 Flash Memory Devices and Ports
These sections describe the Cisco ME6500 series Ethernet switch memory devices and ports:
• ME6500 Flash Memory Devices, page 1-5
• ME6500 Ports, page 1-5
ME6500 Flash Memory Devices
• disk0:
– Supports CompactFlash Type II flash PC cards
• sup-bootflash:
– From SP ROMMON, it is bootflash:
– Not accessible from route processor (RP) ROMMON
• bootflash:
ME6500 Ports
• ME-C6524GS-8S and ME-C6524GT-8S
– Requires Gigabit Ethernet SFPs
– Requires Gigabit Ethernet SFPs
• CLI—See Chapter 2, “Command-Line Interfaces.”
• SNMP—See the Release 12.2 IOS Configuration Fundamentals Configuration Guide and
Command Reference at this URL:
• Cisco IOS web browser interface—See “Using the Cisco Web Browser” in the IOS Configuration
Fundamentals Configuration Guide at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html
Module Status Monitoring
The supervisor engine polls the installed modules with Switch Communication Protocol (SCP) messages
to monitor module status.
The SCP sends a message every two seconds to each module. Module nonresponse after 3 messages
(6 seconds) is classified as a failure. CPU_MONITOR system messages are sent every 30 seconds. After
25 sequential failures (150 seconds), the supervisor engine power cycles the module and sends a
CPU_MONITOR TIMED_OUT system message and OIR PWRCYCLE system messages.
Software Features Supported in Hardware by the PFC and DFC
The PFC3 and DFC3 provide hardware support for these Cisco IOS software features:
• Access Control Lists (ACLs) for Layer 3 ports and VLAN interfaces:
– Permit and deny actions of input and output standard and extended ACLs
Note Flows that require ACL logging are processed in software on the route processor (RP).
– Except on MPLS interfaces, reflexive ACL flows after the first packet in a session is processed
in software on the RP
– Dynamic ACL flows
Note Idle timeout is processed in software on the RP.
For more information about PFC and DFC support for ACLs, see Chapter 49, “Understanding Cisco
IOS ACL Support.”
For complete information about configuring ACLs, see the Cisco IOS Security Configuration Guide,
Release 12.2, “Traffic Filtering and Firewalls,” at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html
Bidirectional PIM” section on page 37-9.
• IPv4 Multicast over point-to-point generic route encapsulation (GRE) Tunnels—See the publication
at this URL:
• Multiple-path Unicast Reverse Path Forwarding (RPF) Check—To configure Unicast RPF Check,
see the “Configuring Unicast Reverse Path Forwarding Check” section on page 47-2.
• Except on MPLS interfaces, Network Address Translation (NAT) for IPv4 unicast and multicast
traffic.
– NAT of UDP traffic is not supported in PFC3A mode.
– The PFC3 does not support NAT of multicast traffic.
– The PFC3 does not support NAT configured with a route-map that specifies length.
– When you configure NAT and NDE on an interface, the PFC3 sends all traffic in fragmented
packets to the RP to be processed in software. (CSCdz51590)
To configure NAT, see the Cisco IOS IP Configuration Guide, Release 12.2, “IP Addressing and
Services,” “Configuring IP Addressing,” “Configuring Network Address Translation,” at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html
To prevent a significant volume of NAT traffic from being sent to the RP, due to either a DoS attack
or a misconfiguration, enter the mls rate-limit unicast acl {ingress | egress} command described
at this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/netflow.html#NetFlow_Aggregation
• Policy-based routing (PBR) for route-map sequences that use the match ip address, set ip
next-hop, and ip default next-hop PBR keywords.
To configure PBR, see the Cisco IOS Quality of Service Solutions Configuration Guide, Release
12.2, “Classification,” “Configuring Policy-Based Routing,” at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html
Note If the RP address falls within the range of a PBR ACL, traffic addressed to the RP is policy
routed in hardware instead of being forwarded to the RP. To prevent policy routing of traffic
addressed to the RP, configure PBR ACLs to deny traffic addressed to the RP.
• Except on MPLS interfaces, TCP intercept—To configure TCP intercept, see the “Configuring TCP
Intercept” section on page 47-2.
Note The PFC3 does not provide hardware acceleration for tunnels configured with the tunnel key command.
• GRE Tunneling and IP in IP Tunneling—The PFC3 and DFC3s support the following tunnel
commands:
– tunnel source
– tunnel ttl
– tunnel tos
Other supported types of tunneling run in software on the RP.
The tunnel ttl command (default 255) sets the TTL of encapsulated packets.
The tunnel tos command, if present, sets the ToS byte of a packet when it is encapsulated. If the
tunnel tos command is not present and QoS is not enabled, the ToS byte of a packet sets the ToS
byte of the packet when it is encapsulated. If the tunnel tos command is not present and QoS is
enabled, the ToS byte of a packet as modified by PFC QoS sets the ToS byte of the packet when it
is encapsulated.
To configure GRE Tunneling and IP in IP Tunneling, see these publications:
http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.html
http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoip.html
To configure the tunnel tos and tunnel ttl commands, see this publication for more information:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html
– Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot
share a source even if the destinations are different. Use secondary addresses on loopback
interfaces or create multiple loopback interfaces. Failure to use unique source addresses may
result in control plane failures when software path congestion occurs. (CSCdy72539)
– Each tunnel interface uses one internal VLAN.
– Each tunnel interface uses one additional router MAC address entry per router MAC address.
– The PFC3A does not support any PFC QoS features on tunnel interfaces.
– Other PFC versions support PFC QoS features on tunnel interfaces.
– The RP supports tunnels configured with egress features on the tunnel interface. Examples of
egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCP
intercept, and encryption.
• VLAN ACLs (VACLs)—To configure VACLs, see Chapter 51, “Configuring Port ACLs and VLAN
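The PBR note in the feature list above says that traffic addressed to the RP is policy routed in hardware when the RP address falls within the range of a PBR ACL. The following Python check is an added example, not part of the Cisco guide: it walks numbered extended ACLs in order and reports permit entries whose destination covers an RP address with no earlier blanket deny. The ACL text, the RP addresses, and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: numbered extended ACLs that PBR route-maps would
# reference with "match ip address", plus the switch's own (RP) addresses.
SAMPLE_ACLS = """\
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
access-list 102 deny ip any host 192.168.50.1
access-list 102 permit ip 10.1.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 103 permit tcp host 10.1.1.5 172.16.0.0 0.0.0.255 eq 80
"""
SAMPLE_RP_ADDRESSES = ["192.168.50.1", "172.16.0.1"]

ACE_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(.+)$")
ANY_WILD = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens, i):
    """Parse 'any', 'host A' or 'A WILDCARD' starting at tokens[i]."""
    if tokens[i] == "any":
        return 0, ANY_WILD, i + 1
    if tokens[i] == "host":
        return _ip(tokens[i + 1]), 0, i + 2
    return _ip(tokens[i]), _ip(tokens[i + 1]), i + 2


def _skip_port_op(tokens, i):
    """Skip an optional TCP/UDP source-port operator (eq/neq/gt/lt/range)."""
    if i < len(tokens) and tokens[i] in ("eq", "neq", "gt", "lt"):
        return i + 2
    if i < len(tokens) and tokens[i] == "range":
        return i + 3
    return i


def _covers(addr, wildcard, ip):
    """True when ip matches addr under an IOS wildcard mask (1 bits are ignored)."""
    return ((addr ^ ip) & ~wildcard & 0xFFFFFFFF) == 0


def parse_acls(text):
    """Return {acl_id: [ace, ...]} with entries kept in configuration order."""
    acls = {}
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # remarks, standard ACLs and named ACLs are out of scope here
        acl_id, action, proto, rest = m.groups()
        tokens = rest.split()
        _, src_wild, i = _take_addr(tokens, 0)
        i = _skip_port_op(tokens, i)
        dst_addr, dst_wild, _ = _take_addr(tokens, i)
        acls.setdefault(acl_id, []).append({
            "action": action, "proto": proto, "src_wild": src_wild,
            "dst_addr": dst_addr, "dst_wild": dst_wild, "line": line.strip(),
        })
    return acls


def rp_exposure(acl_text, rp_addresses):
    """List (acl_id, rp_address, ace_line) where a permit can match traffic to the RP.

    Only a 'deny ip any <dest covering the RP>' placed before the permit counts
    as protection; narrower denies (one source, one protocol) are ignored,
    which keeps the check conservative.
    """
    findings = []
    for acl_id, aces in parse_acls(acl_text).items():
        for rp in rp_addresses:
            rp_int = _ip(rp)
            for ace in aces:
                if not _covers(ace["dst_addr"], ace["dst_wild"], rp_int):
                    continue
                if ace["action"] == "deny":
                    if ace["proto"] == "ip" and ace["src_wild"] == ANY_WILD:
                        break  # blanket deny reached first: RP traffic is not policy routed
                    continue
                findings.append((acl_id, rp, ace["line"]))
                break
    return findings


if __name__ == "__main__":
    for acl_id, rp, ace in rp_exposure(SAMPLE_ACLS, SAMPLE_RP_ADDRESSES):
        print(f"ACL {acl_id}: traffic to {rp} can match '{ace}'")
```
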
Configuration Fundamentals
2 Command-Line Interfaces
This chapter describes the command-line interfaces (CLIs) you use to configure the switches supported
by Cisco IOS Release 12.2SX.
Note For complete syntax and usage information for the commands used in this chapter, see these
publications:
http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples
and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
This chapter consists of these sections:
• Accessing the CLI, page 2-2
• Performing Command Line Processing, page 2-3
• Performing History Substitution, page 2-4
• Cisco IOS Command Modes, page 2-4
• Displaying a List of Cisco IOS Commands and Syntax, page 2-5
• Securing the CLI, page 2-6
• ROM-Monitor Command-Line Interface, page 2-7
• Accessing the CLI through the EIA/TIA-232 Console Interface, page 2-2
• Accessing the CLI through Telnet, page 2-2
Accessing the CLI through the EIA/TIA-232 Console Interface
Note EIA/TIA-232 was known as recommended standard 232 (RS-232) before its acceptance as a standard by
the Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA).
Perform initial configuration over a connection to the EIA/TIA-232 console interface. See the
Catalyst 6500 Series Switch Module Installation Guide for console interface cable connection
procedures.
After making a console connection, you see this display:
Press Return for Console prompt
Router> enable
Password:
        Command              Purpose
Step 3  Password: password
Step 4  Router# quit         Exits the session when finished.
Accessing the CLI through Telnet
Note Before you can make a Telnet connection to the switch, you must configure an IP address (see the
“Configuring IPv4 Routing and Addresses” section on page 30-4).
The switch supports up to eight simultaneous Telnet sessions. Telnet sessions disconnect automatically
after remaining idle for the period specified with the exec-timeout command.
To make a Telnet connection to the switch, perform this task:
        Command                        Purpose
Step 1  telnet {hostname | ip_addr}    Makes a Telnet connection from the remote host to the switch you want to access.
Step 2  Password: password
Step 3  Router> enable                 Initiates enable mode enable.
Step 4  Password: password
Step 5  Router# quit                   Exits the session when finished.
This example shows how to open a Telnet session to the switch:
unix_host% telnet Router_1
Trying 172.20.52.40...
Connected to 172.20.52.40.
Escape character is '^]'.
User Access Verification
Router_1#
Performing Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters if the abbreviations
contain enough letters to be different from any other currently available commands or parameters. You
can scroll through the last 20 commands stored in the history buffer, and enter or edit the command at
the prompt. Table 2-1 lists the keyboard shortcuts for entering and editing commands.
Table 2-1 Keyboard Shortcuts
press the left arrow key(1)                       Moves the cursor back one character.
Press Ctrl-F or press the right arrow key(1)      Moves the cursor forward one character.
Press Ctrl-A                                      Moves the cursor to the beginning of the command line.
Press Ctrl-E                                      Moves the cursor to the end of the command line.
Press Esc B                                       Moves the cursor back one word.
Press Esc F                                       Moves the cursor forward one word.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Performing History Substitution
The history buffer stores the last 20 commands you entered. History substitution allows you to access
these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the
history substitution commands.
Cisco IOS Command Modes
Note For complete information about Cisco IOS command modes, see the Cisco IOS Configuration
Fundamentals Configuration Guide at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
The Cisco IOS user interface is divided into many different modes. The commands available to you
depend on which mode you are currently in. To get a list of the commands in a given mode, type a
question mark (?) at the system prompt. See the “Displaying a List of Cisco IOS Commands and Syntax”
section on page 2-5.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a
limited subset of the commands are available in EXEC mode. To have access to all commands, you must
enter privileged EXEC mode. Normally, you must type in a password to access privileged EXEC mode.
From privileged EXEC mode, you can type in any EXEC command or access global configuration mode.
The configuration modes allow you to make changes to the running configuration. If you later save the
configuration, these commands are stored across reboots. You must start at global configuration mode.
From global configuration mode, you can enter interface configuration mode, subinterface configuration
mode, and a variety of protocol-specific modes.
Note With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level
commands by entering the do keyword before the EXEC mode-level command.
Table 2-2 History Substitution Commands
Command                             Purpose
Ctrl-P or the up arrow key.(1)      Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Ctrl-N or the down arrow key.(1)    Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.
Router# show history                While in EXEC mode, lists the last several commands you have just entered.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
ROM-monitor mode is a separate mode used when the switch cannot boot properly. For example, the
switch might enter ROM-monitor mode if it does not find a valid system image when it is booting, or if
its configuration file is corrupted at startup. See the “ROM-Monitor Command-Line Interface” section
on page 2-7.
Table 2-3 lists and describes frequently used Cisco IOS modes.
The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter.
You can abbreviate commands and keywords by entering just enough characters to make the command
unique from other commands. For example, you can abbreviate the show command to sh and the
configure terminal command to config t.
When you type exit, the switch backs out one level. To exit configuration mode completely and return
to privileged EXEC mode, press Ctrl-Z.
Displaying a List of Cisco IOS Commands and Syntax
In any command mode, you can display a list of available commands by entering a question mark (?).
Router> ?
To display a list of commands that begin with a particular character sequence, type in those characters
followed by the question mark (?). Do not include a space. This form of help is called word help because
it completes a word for you.
Router# co?
collect configure connect copy
User EXEC Connect to remote devices, change
terminal settings on a temporary
basis, perform basic tests, and
display system information.
Log in. Router>
privileged command set includes
mode, as well as the configure
command. Use this command to
access the other command modes.
From the user EXEC mode, enter
the enable command and the
enable password.
system as a whole.
enter the configure terminal
particular interface. Interface
operation of an interface.
From global configuration mode,
command.
Router(config-if)#
console or the virtual terminal
used with Telnet, use this
configuration mode to configure
Router(config-line)#
To display keywords or arguments, enter a question mark in place of a keyword or argument. Include a
space before the question mark. This form of help is called command syntax help because it reminds you
which keywords or arguments are applicable based on the command, keywords, and arguments you have
already entered.
For example:
Router# configure ?
memory Configure from NV memory
network Configure from a TFTP network host
overwrite-network Overwrite NV memory from TFTP network host
terminal Configure from the terminal
<cr>
To redisplay a command you previously entered, press the up arrow key or Ctrl-P. You can continue to
press the up arrow key to see the last 20 commands you entered.
Tip If you are having trouble entering a command, check the system prompt, and enter the question mark (?)
for a list of available commands. You might be in the wrong command mode or using incorrect syntax.
Enter exit to return to the previous mode. Press Ctrl-Z or enter the end command in any mode to
immediately return to privileged EXEC mode.
Securing the CLI
Securing access to the CLI prevents unauthorized users from viewing configuration settings or making
configuration changes that can disrupt the stability of your network or compromise your network
security. You can create a strong and flexible security scheme for your switch by configuring one or more
of these security features:
• Protecting access to privileged EXEC commands
At a minimum, you should configure separate passwords for the user EXEC and privileged EXEC
(enable) IOS command modes. You can further increase the level of security by configuring
username and password pairs to limit access to CLI sessions to specific users. For more information,
see “Configuring Security with Passwords, Privilege Levels, and Login Usernames for CLI Sessions
on Networking Devices” at this URL:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli.html
• Controlling switch access with RADIUS, TACACS+, or Kerberos
For a centralized and scalable security scheme, you can require users to be authenticated and
authorized by an external security server running either Remote Authentication Dial-In User Service
(RADIUS), Terminal Access Controller Access-Control System Plus (TACACS+), or Kerberos.
For more information about RADIUS, see “Configuring RADIUS” at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html
For more information about TACACS+, see “Configuring TACACS+” at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scftplus.html
For more information about Kerberos, see “Configuring Kerberos” at this URL:
• Configuring a secure connection with SSH or HTTPS
To prevent eavesdropping of your configuration session, you can use a Secure Shell (SSH) client or
a browser that supports HTTP over Secure Socket Layer (HTTPS) to make an encrypted connection
to the switch.
For more information about SSH, see “Configuring Secure Shell” at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/12-2sx/sec-secure-copy.html
For more information about HTTPS, see “HTTPS - HTTP Server and Client with SSL 3.0” at this
URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_sec_4cli.html
• Copying configuration files securely with SCP
To prevent eavesdropping when copying configuration files or image files to or from the switch, you
can use the Secure Copy Protocol (SCP) to perform an encrypted file transfer. For more information
about SCP, see “Secure Copy” at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_ssh/configuration/12-2sy/sec-usr-ssh-sec-copy.html
For additional information about securing the CLI, see “Cisco IOS Security Configuration Guide:
Securing User Services, Release 12.2SX” at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/security/config_library/12-2sx/secuser-12-2sx-library.html
ROM-Monitor Command-Line Interface
The ROM-monitor is a ROM-based program that executes upon platform power-up, reset, or when a fatal
exception occurs. The switch enters ROM-monitor mode if it does not find a valid software image, if the
NVRAM configuration is corrupted, or if the configuration register is set to enter ROM-monitor mode.
From the ROM-monitor mode, you can load a software image manually from flash memory, from a
network server file, or from bootflash.
You can also enter ROM-monitor mode by restarting and pressing the Break key during the first 60
seconds of startup.
Note The Break key is always enabled for 60 seconds after rebooting, regardless of whether the Break key is
configured to be off by configuration register settings.
To access the ROM-monitor mode through a terminal server, you can escape to the Telnet prompt and
enter the send break command for your terminal emulation program to break into ROM-monitor mode.
Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark (?) to
see the available ROM-monitor commands.
For more information about the ROM-monitor commands, see the Cisco IOS Master Command List.
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples
and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
3 Configuring Smart Port Macros
This chapter describes how to configure and apply smart port macros. Release 12.2(33)SXH and later
releases support smart port macros.
Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS
Master Command List, at this URL:
http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples
and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
This chapter consists of these sections:
• Understanding Smart Port Macros
• Configuring Smart Port Macros
• Displaying Smart Port Macros
Understanding Smart Port Macros
These sections describe smart port macros:
• Understanding Cisco-Provided Smart Port Macros
• Understanding User-Created Smart Port Macros
Understanding Cisco-Provided Smart Port Macros
There are Cisco-provided smart port macros embedded in the switch software (see Table 3-1). You can
display these macros and the commands they contain by using the show parser macro user EXEC
Cisco also provides a collection of pretested, Cisco-recommended baseline configuration templates for
Catalyst switches. The online reference guide templates provide the CLI commands that you can use to
create smart port macros based on the usage of the port. You can use the configuration templates to create
smart port macros to build and deploy Cisco-recommended network designs and configurations.
Understanding User-Created Smart Port Macros
Smart port macros provide a convenient way to save and share common configurations. You can use
smart port macros to enable features and settings based on the location of a switch in the network and
for mass configuration deployments across the network.
Each smart port macro is a user-defined set of Cisco IOS CLI commands. When you apply a smart port
macro on an interface, the CLI commands within the macro are configured on the interface. When the
macro is applied to an interface, the existing interface configurations are not lost. The new commands
are added to the interface and are saved in the running configuration file.
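The configuration guidelines in this chapter limit what a user-created macro may contain, and state that keyword substitution is case sensitive and also replaces a keyword that occurs inside a larger string. The following Python sketch is an added example, not part of the Cisco guide: `lint`, `expand`, the sample macro body and the `$VLAN` keyword are hypothetical, and `expand` models the documented substitution rule rather than reproducing the switch's parser.

```python
import re

MAX_CHARS = 3000      # a macro definition can contain up to 3,000 characters
MAX_PAIRS = 3         # each user-created macro can have up to three keyword-value pairs
MODE_CHANGE = re.compile(r"^\s*(exit|end|interface\s+\S.*)\s*$")
NESTED = re.compile(r"^\s*macro\s+(global\s+)?apply\b")

def definition_length(lines):
    """Size of the definition, counting every line ending as two characters."""
    return sum(len(line) + 2 for line in lines)

def expand(lines, values):
    """Model of the documented substitution: case sensitive, and a keyword is
    replaced wherever it occurs, even inside a larger string."""
    out = []
    for line in lines:
        for keyword, value in values.items():
            line = line.replace(keyword, value)
        out.append(line)
    return out

def lint(lines, values):
    """Return the guideline violations found in a macro body."""
    problems = []
    if definition_length(lines) > MAX_CHARS:
        problems.append("definition longer than 3,000 characters")
    if len(values) > MAX_PAIRS:
        problems.append("more than three keyword-value pairs")
    for number, line in enumerate(lines, 1):
        if MODE_CHANGE.match(line):
            problems.append(f"line {number}: changes command mode")
        if NESTED.match(line):
            problems.append(f"line {number}: applies another macro")
        for keyword in values:
            # A longer token that contains the keyword is partially rewritten
            # when the macro is applied.
            for token in line.split():
                if keyword in token and token != keyword:
                    problems.append(f"line {number}: '{keyword}' also matches inside '{token}'")
    return problems

# Constructed sample macro body and keyword value (not from the guide).
SAMPLE_BODY = [
    "switchport mode access",
    "switchport access vlan $VLAN",
    "description desk port $VLAN_OWNER",
    "exit",
]
SAMPLE_VALUES = {"$VLAN": "20"}
```

For the sample, expand turns the description line into "description desk port 20_OWNER", which is the partial replacement that lint reports together with the exit command.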
Configuring Smart Port Macros
• Smart Port Macro Default Configuration
• Smart Port Macro Configuration Guidelines
• Applying the Cisco-Provided Smart Port Macros
• Configuring User-Created Smart Port Macros
Smart Port Macro Default Configuration
This example shows how to list the Cisco-provided smart port macros:
Router# show parser macro brief | include default
default global : cisco-global
default interface: cisco-router
There are no smart port macros applied to any interfaces.
Macro Name      Description
cisco-global    Use this global configuration macro to enable load balancing across VLANs, provide
                rapid convergence of spanning-tree instances and to enable port error recovery.
cisco-desktop   Use this interface configuration macro for increased network security and reliability
                when connecting a desktop device, such as a PC, to a switch port.
cisco-phone     Use this interface configuration macro when connecting a desktop device such as a
                PC with a Cisco IP phone to a switch port. This macro is an extension of the
                cisco-desktop macro and provides the same security and resiliency features, but with
                the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive
                voice traffic.
cisco-switch    Use this interface configuration macro for Layer 2 connections between devices like
                switches and routers.
cisco-router    Use this interface configuration macro for Layer 3 connections between devices like
                switches and routers.
Smart Port Macro Configuration Guidelines
This section describes the smart port macro configuration guidelines:
• You can display all of the macros on the switch by using the show parser macro user EXEC
command. Display the contents of a specific macro by using the show parser macro name
macro-name user EXEC command.
• A macro cannot be edited. If the name following the macro name command is an existing macro’s
name, that macro is replaced by the new macro.
• If a description already exists for a macro, the macro description command appends any
description that you enter to the existing description; it does not replace it. The entered descriptions
are separated by the pipe (“|”) character.
• The maximum macro description length is 256 characters. When the description string becomes
longer than 256 characters, the oldest descriptions are deleted to make room for new ones.
• User-created recursive macros are not supported. You cannot define a macro that calls another
macro.
• Each user-created macro can have up to three keyword-value pairs.
• A macro definition can contain up to 3,000 characters. Line endings count as two characters.
• When creating a macro, do not use the exit or end commands or change the command mode by using
interface interface-id. This could cause commands that follow exit, end, or interface interface-id
to execute in a different command mode. When creating a macro, all CLI commands should be in
the same configuration mode.
• When creating a macro that requires the assignment of unique values, use the parameter value
keywords to designate values specific to the interface. Keyword matching is case sensitive. All
matching occurrences of the keyword are replaced with the corresponding value. Any full match of
a keyword, even if it is part of a larger string, is considered a match and is replaced by the
corresponding value.
• Macro names are case sensitive. For example, the commands macro name Sample-Macro and
macro name sample-macro will result in two separate macros.
• Some macros might contain keywords that require a parameter value. You can use the macro global
apply macro-name ? global configuration command or the macro apply macro-name ? interface
configuration command to display a list of any required values in the macro. If you apply a macro
without entering the keyword values, the commands are invalid and are not applied.
• When a macro is applied globally to a switch or to a switch interface, the existing configuration on
the interface is retained. This is helpful w